Can technology stop terrorist vehicle ramming attacks?

It feels like barely a week goes by without another breaking news account of a terrorist attack involving vehicle ramming, a form of attack in which a perpetrator deliberately aims a motor vehicle at a target with the intent to inflict fatal injuries or significant property damage by striking with concussive force.

From 2014 through 2017, terrorists carried out 21 known vehicle ramming attacks worldwide, resulting in over 220 fatalities and 800 injuries, including cities such as London, Stockholm, Berlin, Jerusalem, and Barcelona.

It’s fair to say that people connected to the ideas of terrorism will use any form of weapon possible to maim and kill at their disposal and a car or truck is just one tool in their potential arsenal. It’s also true that preventing terrorism is a multifaceted problem that encompasses law enforcement, intelligence, politics, and surveillance as well as of course, attempts to prevent people becoming attracted to terrorist acts in the first instance. We currently see the installation of bollards and other barriers being erected in public spaces, which may prevent or ameliorate some attacks.

I have lived in two cities where people who died due to car ramming — Melbourne and Berlin — and technology writers are familiar with the trolley car problem when it comes to the ethics of self-driving cars. Along with deliberate acts of terrorism, we also have the reality of vehicles hitting people or places in the event of an ill or unconscious passenger or a driver poorly following GPS instructions too literally.

So what does this mean for technology, can it solve the problem or will it contribute to the ease of future attacks?

How technology could (and does) help

In Berlin last year a truck was driven by terrorists through a local Christmas market attack in Berlin, resulting in significant casualties, but they could have been worse: the assailant’s truck reportedly stopped early on during the attack. The truck had been fitted with an automatic emergency braking system, something that is covered under a regulation that is now mandated for heavier trucks in the EU.

EU Regulation No. 347/2012 specifies the technical requirements and test procedures for advanced emergency braking systems (AEBS) that detect the possibility of a collision with a preceding vehicle, warn the driver by a combination of optical, acoustic or haptic signals and, if the driver takes no action, automatically apply the vehicle’s brakes. In this instance the application meant that the trajectory of the truck was stopped earlier than intended, thus potentially saving many lives. Similar regulations have been proposed in the U.S.

It’s also worth considering instances where stolen vehicles are being used as attack vehicles as in Stockholm. Delivery trucks are increasingly embedded with sensor technology and one option would be a kill switch that would shut down the truck and transmit its location as soon as it was reported lost. However, according to security researchers at Cisco, the reality is not quite so simple. I spoke to Barry Einsig, Global Automotive and Transportation Executive, and Franc Artes, Architect, Security Business Group last week who explained that the technology to shut a vehicle down exists today, “and has for probably almost a decade.” According to Artes, this a particularly relevant when we talk about connected vehicles:

“Because they’re connected it creates the opportunity to host the system and update or revoke certificates and ultimately you could geofence these devices and then you could shut those vehicles down. It’s not a technology problem it’s more of a security problem and also a process problem.

There was a lot of studies right after 9/11 regarding being able to shut vehicles down and part of the reason they didn’t advocate it was cyber security related and also because it could cause a bigger safety issue to shut down a big heavy vehicle when it’s going at highway speeds.”

[embedded content]

How technology could make attacks easier

We already have ample examples of the ease of car hacking thanks to the efforts of white hat enthusiasts and researchers. It’s thus entirely possible that a car (self-automated or not) could be utilized in a terrorist attack. According to Einsig and Artes, the transportation industry’s technology infrastructure was traditionally built on closed, proprietary systems. The industry is on a journey to switch to modern connected networks, but security leaders fear the exposure to attackers during this transition period.

As we see the move into connected transport systems such as v2v communication and intelligent transportation enterprises. According to security analyst Sam Bocetta, one of the challenges is that with each branch in that chain of community you open yourself up to MITM attacks (Man in the Middle Attacks).

“An example of this is an IMSI catcher which works to basically intercept the communication between a node and a hub. This is done without either party knowing about the breach, allowing the MITM attacker to send a command or message to the node (in this situation the car).”

Criminals are also heavily invested in new technology. Cisco’s Ensig says:

“Cyber criminals think further outside the box than the engineer who’s developing the technology who is focused is solving the problem. Whether it is car technology that notices that you’re starting to swerve into a lane so your vehicle automatically shunts the steering wheel in the other direction to swerve back, hackers have already found a way to activate that to force you into oncoming traffic. Then there are acts like remotely engaging the brakes and crash sensors in the vehicle.”

He also notes that colloquially people connect terrorism with Luddites living in mud huts when they are as likely to be highly educated and intelligent with tech skills: